From BugTraq posting:
* If anonymous FTP is enabled, a remote user may gain unauthorized
root access.
* A user with access to a local account may gain unauthorized root
access.
* A remote user who can successfully authenticate to the FTP daemon
may obtain unauthorized root access, regardless of whether anonymous
FTP is enabled or whether access is granted to a local account.
This vulnerability is believed to be somewhat difficult to exploit.
This announcement and code patches related to it may be found on the
MIT Kerberos security advisory page at:
http://web.mit.edu/kerberos/www/advisories/index.html